{"id":450,"date":"2017-08-05T13:38:58","date_gmt":"2017-08-05T13:38:58","guid":{"rendered":"https:\/\/www.innocenceseekers.net\/wordpress\/?p=450"},"modified":"2017-08-10T00:27:47","modified_gmt":"2017-08-10T00:27:47","slug":"planned-site-maintenance-from-2017-08-06","status":"publish","type":"post","link":"https:\/\/www.innocenceseekers.net\/wordpress\/2017\/08\/05\/planned-site-maintenance-from-2017-08-06\/","title":{"rendered":"Planned site maintenance (from 2017-08-06)"},"content":{"rendered":"<p>Beginning tomorrow, I intend to do some site maintenance, mainly to improve the site&#8217;s HTTPS implementation (as well as renew the site certificate). As part of this maintenance, I will test an upgrade to HTTP\/2. This requires some work from my end, since the version of Apache bundled with Ubuntu 16.04 LTS does not support HTTP\/2. I will update this blog post as I proceed.<\/p>\n<p>UPDATE (2017-08-10): I&#8217;ve completed all maintenance work for now.<\/p>\n<p><!--more--><\/p>\n<p>Maintenance status (2017-08-10):<\/p>\n<ul>\n<li>Retrieved weekly MariaDB backup.<\/li>\n<li>Added Apache HTTP\/2 module. This entailed compiling Apache from source, then manually copying the module to where the modules are located.<\/li>\n<li>Enabled Apache HTTP\/2 module.<\/li>\n<li>Tweaked site configuration (to prevent MIME sniffing and clickjacking).<\/li>\n<li>Tweaked SSL configuration (only support TLS 1.2 and a limited number of cipher suites, as well as set the order of cipher suites).<\/li>\n<li>Redirected all HTTP to HTTPS.<\/li>\n<li>Renew certificate.<\/li>\n<\/ul>\n<p>This means that you need modern browsers to access this site. I can only guarantee access with Firefox 27+, Chrome 30+, Internet Explorer 11 (Windows 7 or later), Edge (Windows 10), Opera 17+, Safari 9+ (both macOS and iOS), Android 5.0+ and Java 8+. I highly recommend that you use Chrome or Firefox to access this website (I do most of my testing with these two browsers); so far, mobile is not supported (there may be display issues).<\/p>\n<p>Planned:<\/p>\n<ul>\n<li>Test HSTS configuration (no set date).<\/li>\n<li>Secure cookies (no set timeline due to potential web application issues; the planned site overhaul will implement secure cookies). Currently in progress.<\/li>\n<li>Install a bugtracker for the planned site overhaul (no set date). Note that security issues must <em>not<\/em> use the bugtracker, but must be mailed to me directly.<\/li>\n<li>Test the new site on the web server (no set date); so far I&#8217;ve been testing it on my own computer.<\/li>\n<\/ul>\n<p>HSTS configuration will be ongoing.<\/p>\n<p>Postponed:<\/p>\n<ul>\n<li>Add DNS CAA record (<a href=\"https:\/\/digitalocean.uservoice.com\/forums\/136585-digitalocean\/suggestions\/17738347-add-dns-caa-support-to-the-dns-manager\">no set timeline<\/a>).<\/li>\n<li>Replace RSA certificate with ECDSA certificate (will do in the renewal period after Let&#8217;s Encrypt implements ECDSA).<\/li>\n<li>Set Content Security Policy (CSP) (WordPress relies heavily on inline styles; this makes it even more imperative to overhaul the site).<\/li>\n<\/ul>\n<p>P.S. I plan to finish the second chapter of <em>Innocence Seekers: April Light<\/em> by September 28.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Beginning tomorrow, I intend to do some site maintenance, mainly to improve the site&#8217;s HTTPS implementation (as well as renew the site certificate). As part of this maintenance, I will test an upgrade to HTTP\/2. This requires some work from my end, since the version of Apache bundled with Ubuntu 16.04 LTS does not support [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[12],"class_list":["post-450","post","type-post","status-publish","format-standard","hentry","category-site-issues","tag-site-issues"],"_links":{"self":[{"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/posts\/450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/comments?post=450"}],"version-history":[{"count":6,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/posts\/450\/revisions"}],"predecessor-version":[{"id":457,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/posts\/450\/revisions\/457"}],"wp:attachment":[{"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/media?parent=450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/categories?post=450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.innocenceseekers.net\/wordpress\/wp-json\/wp\/v2\/tags?post=450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}